🚨 23,958 IPs. 5 countries. 1 target.

Palo Alto Networks' GlobalProtect portals are under coordinated brute-force login attacks—no vulnerability yet, but the threat is real.

Urgent:
✅ Update PAN-OS
✅ Enforce MFA
✅ Harden your portals

🔗 Full story: https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html

🔥 Cyberattacks are scaling like startups — thanks to Initial Access Brokers (IABs).

🔹 In 2024, 58% of hacked access sells for under $1K.
🔹 Target sectors are widening — no one’s safe.
🔹 USA, Brazil, France top the hit list.

Cheaper access = faster, wider cyberattacks.

Details + defense tips 👉 https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html

🚨 Paper Werewolf (aka GOFFEE) is hitting Russian government, energy, and media sectors with a stealthy new weapon → PowerModul.

It hijacks systems via fake Word/PDF files → deploys PowerShell malware → pivots with Mythic agents.

Read: https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html

⚡ Even patching won't save you.

Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN.

Full details 👉 https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html

🚨 New cyber threat alert!

Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT.

They're now using MSI packages—ditching old methods—to steal browser data, files, and credentials across Windows & Linux.

Find details here: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html

AI is already rewriting cybersecurity—and most defenders are unprepared.

Hackers are using AI to automate attacks in minutes, while security teams still react manually.

The new arms race isn’t humans vs. humans.

It’s AI vs. AI.

Learn more → https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html

🔥 Defenses can fail. Trusted tools can turn.

This week's newsletter covers how breaches happen before you even know they're possible.

⚡ Read and prepare → https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html

🚨 Precision-targeted attacks are validating emails in real-time before stealing credentials.

🔍 Only verified, high-value accounts see fake login screens. No email? You’re redirected to Wikipedia to dodge detection.

Learn more: https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html

🚨 Threat ALERT: ResolverRAT is hitting healthcare and pharma sectors hard — phishing, fear-bait, stealth attacks.

🛡️ Sophisticated multi-stage RAT
🌐 Localized lures: Hindi, Italian, Turkish + more
🕵️‍♂️ Advanced evasion: encryption, IP rotation, memory-only payload

🔗 Read: https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html

🔥 Meta’s AI is coming for your public posts — but you can still opt out.

Starting this week, Meta is using public EU content from Facebook, Instagram & more (comments, posts, AI chats — not DMs).

Regulators approved it after a 1-year pause. Opt-out links are rolling out. Check your app or email.

👉 Act now → https://thehackernews.com/2025/04/meta-resumes-eu-ai-training-using.html

🚨 Alert — A 9.0 CVSS flaw in Gladinet’s CentreStack also affects Triofox—both used for remote access.

Attackers exploited it as a zero-day in March, hitting 7 orgs by April 11.

🔑 Root cause: Hardcoded crypto keys → enabled RCE via PowerShell + DLL sideloading

🔗 Read: https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html

🚨 Hired by Hackers?

Devs on LinkedIn targeted in stealth malware attacks disguised as job offers.

Slow Pisces, linked to North Korea’s Bybit hack (Feb 2025), is now luring coders with fake challenges to drop RN Stealer—a macOS info-stealer pulling iCloud, SSH, and cloud config files.

➡️ Learn how it works: https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html

🚨 Apache Roller Hit by 10.0 CVSS Flaw!

Old sessions stay active even after a password change (CVE-2025-24859). Hackers can keep access silently.

All versions ≤6.1.4 affected.

👉 Full details: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html

🔒 Fixed in v6.1.5. Patch now.

🚨 Your biggest enterprise risk might be hiding in plain sight — THE BROWSER EXTENSIONS.

👀 99% of employees use them
👀 53% access sensitive data
👀 54% have unknown publishers

🔥 Your entire org could be one extension away from compromise.

🔗 Act now → Audit, assess, and lock down. Learn how: https://thehackernews.com/2025/04/majority-of-browser-extensions-can.html

Sophisticated phishing attacks are now routinely bypassing MFA, SSO, and multiple security layers across email, network, and endpoints.

Join the latest webinar from Push Security to learn why phishing attacks are more attractive than ever for attackers in 2025 — and what you can do to stop it.

Register here 👉 https://thn.news/phishing-webinar-it

⚠️ UNC5174 (aka Uteus), tied to China, is quietly breaching Linux & macOS systems using SNOWLIGHT malware + a fake Cloudflare app (VShell).

🔍 Targets: 20+ nations | Sectors: Gov, finance, defense
🛠 Tactics: Open-source tools, fileless payloads, fake authenticator apps
👀 Risk: Remote control, in-memory attacks, hard-to-trace

🔗 Full details: https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html

"Your firewall won’t save you."

Hackers are using ChatGPT to craft phishing lures & scan attack surfaces.

Meanwhile, most orgs still cling to VPNs & 30-year-old security models.

🔥 Zero Trust + AI isn’t hype — it’s survival.

Don’t fall behind: https://thehackernews.com/expert-insights/2025/04/rethinking-cyber-defense-with-zero.html

🛑 CRITICAL ALERT → U.S. funding for MITRE’s CVE vulnerability database program ends Wednesday.

MITRE warns: no funding = no new CVEs, degraded threat advisories, and slower incident response.

🛠️ CVEs power security tools, alerts, and patching across critical infrastructure.

🔍 Without it, defenders lose a key part of their playbook.

🔗 Full story → https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html

🚨 New Android Phones, Pre-Loaded with Malware?!

Since June 2024, cheap Androids from Chinese brands like SHOWJI come with trojanized WhatsApp/Telegram apps out of the box.

📱 Fake models: “S24 Ultra”, “Note 13 Pro”, etc.
💸 Malware replaces your crypto wallet address in chats
🧠 Scans your images for mnemonic phrases
💰 Hackers netted $1.6M+ via 40+ infected apps & 60+ C2 servers

🔗 Check the list & protect your crypto → https://thehackernews.com/2025/04/chinese-android-phones-shipped-with.html

🚨 BPFDoor is back—with a stealthy new controller in play.

A fresh wave of BPFDoor attacks has hit telecom, finance & retail sectors in 🇰🇷🇲🇾🇭🇰🇲🇲🇪🇬 — using a stealth controller that opens reverse shells & moves laterally inside Linux networks.

🔗 Read → https://thehackernews.com/2025/04/new-bpfdoor-controller-enables-stealthy.html

⚠️ Why hack in… when you can just log in?

80% of breaches stem from SaaS identity misconfigurations.

One compromised account can trigger a chain: Entra ID takeover → GitHub exfiltration → Slack leaks

Wing Security gives full SaaS visibility—no agents, no blind spots.

✅ Identity & app mapping
✅ Real-time threat detection
✅ Full attack timeline

🔍 See how it works: https://thehackernews.com/2025/04/product-walkthrough-look-inside-wing.html